Abraxas
This article is about the original Abraxas. For the second version, see Abraxas_II. Virus.DOS.Abraxas, also known as Abraxas-5, is a dangerous file overwriting virus on DOS. There are 7 variants in 3 versions, represented by the following: *Virus.DOS.Abraxas.1170 *Virus.DOS.Abraxas.1214 *Virus.DOS.Abraxas.1881 There are additional 2 variants which also belong to this family. Behaviour This family of viruses uses file replacement overwriting technique to infect files, and they are not recoverable. Abraxas.1170, 1171, 1200 and 1214 When the virus is run, the virus infects C:\DOS\DOSSHELL.COM, if no such file is found, the virus creates the file. The virus also overwrites an EXE executable in the current directory and copy this infected file to the parent directory for further spreading. Abraxas.1214 infects C:\COMMAND.COM instead of DOSSHELL.COM. The timestamp of the infected file will be the time of infection. After an infection, the virus changes the current directory to one upper level. Abraxas.1304 This variant is a memory resident. Due to some programming faults, the virus installs itself into memory without infecting any file after the first run. It would infect files on the second run and so on. After an infection, the virus changes the current directory to one upper level, a copy of the infected EXE file also appears in the parent directory. Abraxas.1881 This variant is slightly different to the others, see Brain. Advanced details The following table shows the memory usage of the variants. MD5 hash: Payload Abraxas.1170, 1171, 1200 and 1304 When an infected program is run, the virus plays an ascending scale from the system speaker, followed by displaying the following text in ASCII art: ABRAXAS For Abraxas.1200.b, the display of the ASCII art is corrupted. For Abraxas.1304, due to some programming faults, the audible payload is not triggered on the first run but would display the ASCII art twice. On the second run and so on, the virus would play the scale but no ASCII art will be displayed. Abraxas.1214 This variant plays a tune which is similar to Burma and displays an indecent ASCII image that was used in some Groove strains. Variants This family has 9 variants in total: *Virus.DOS.Abraxas.1170 *Virus.DOS.Abraxas.1171 *Virus.DOS.Abraxas.1200 (A and B) *Virus.DOS.Abraxas.1214 *Virus.DOS.Abraxas.1304 *Virus.DOS.Abraxas.1881 *Virus.DOS.Abraxas.Cleton (2 variants) Also, there are more than 20 viruses have appeared which have clearly been produced with the PS-MPC: *203 *644 *Abraxas *ARCV-n (Remark: ARCV group has also produced viruses with the TPE and developed the ARCV strain) *Joshua *Kersplat *McWhale *Mimic *Small ARCV *Small EXE *Swan Song Other details Abraxas was created with the PS-MPC virus creation tool, which can be used to create similar, easily detected viruses, which are usually encrypted as well. The name "Abraxas" was used for a virus in the game Evolution. Abraxas.1881 has been identified as Brain by some antiviruses. Abraxas.1170, 1171, 1200 and 1304 contain the internal text strings: *.exe c:\dos\dosshell.com .. MS-DOS ©1992 ->>ABRAXAS-5<<-- ...For he is not of this day ...Nor he of this mind Abraxas.1214 contains the internal text strings: *.exe c:\command.com .. Darkest Avenger Isnt dedicated to Sara Gordon Its dedicated to her GROOVE! Abraxas.1881 contains the internal text strings: *.exe *.com .. References #List of variants of the Abraxas virus on VX Heaven See also *Abraxas II Media zh:Abraxas Category:Virus Category:DOS virus Category:DOS